<?php
/* FILE: collection_item_list.php
 * DESCRIPTION: Page displaying the user's list of items in a given collection
 * POST DATA: N/A
 * GET DATA: colname (collection name), err (error code), clm (column where error occurred), sb (sort by data)
 */ 
 
 //Get the elements already in the URL
 function getUrlElements()
 {
	$elements =
		 ($_GET['ir'] != "" ? "&ir=".$_GET['ir'] : "")
		.($_GET['iu'] != "" ? "&iu=".$_GET['iu'] : "")
		.($_GET['a0'] != "" ? "&a0=".$_GET['a0'] : "")
		.($_GET['a1'] != "" ? "&a1=".$_GET['a1'] : "")
		.($_GET['a2'] != "" ? "&a2=".$_GET['a2'] : "")
		.($_GET['a3'] != "" ? "&a3=".$_GET['a3'] : "")
		.($_GET['a4'] != "" ? "&a4=".$_GET['a4'] : "")
		.($_GET['a5'] != "" ? "&a5=".$_GET['a5'] : "")
		.($_GET['a6'] != "" ? "&a6=".$_GET['a6'] : "")
		.($_GET['a7'] != "" ? "&a7=".$_GET['a7'] : "")
		.($_GET['a8'] != "" ? "&a8=".$_GET['a8'] : "")
		.($_GET['a9'] != "" ? "&a9=".$_GET['a9'] : "");
	
	return $elements;
 }
 
	// Inialize session
	session_start();
	
	// Include database connection settings
	include('config.inc');
	
	// Include functions
	include('includes/functions.php');
	
	//Check to see if current user is owner of collection
	if(getUID($_GET['colname']) == $_SESSION['user_name'])
	{
		$sortby = $_GET['sb'];
		$rating = $_GET['ir'];
		$url = $_GET['iu'];
		$attr = array (
			$_GET['a0'],
			$_GET['a1'],
			$_GET['a2'],
			$_GET['a3'],
			$_GET['a4'],
			$_GET['a5'],
			$_GET['a6'],
			$_GET['a7'],
			$_GET['a8'],
			$_GET['a9'],
		);
		// Query to get column names of collection		
		$columnNamesResult = getAttributes($_GET['colname']);
		
		if($sortby == "")
		{
			//Query to get collection data - only query off search terms if provided
			$collectionQuery = "SELECT item_rating, item_image_url, "
					. getProjection($_GET['colname'], $_SESSION['user_name'])
					. ", item_id FROM item t1 "
					. " INNER JOIN "
					. mysql_real_escape_string($_GET['colname'])
					. " t2 ON t1.item_id = t2."
					. removeUID(mysql_real_escape_string($_GET['colname']))
					. "_item_id"
					. " AND t1.item_user_id = '"
					. mysql_real_escape_string($_SESSION['user_name'])
					. "' AND t1.item_collection_name = '"
					. mysql_real_escape_string($_GET['colname'])
					. "' " 
					. ($rating != "" ? "AND item_rating LIKE '%" . mysql_real_escape_string($rating) . "%' " : "")
					. ($url != "" ? "AND item_image_url LIKE '%" . mysql_real_escape_string($url) . "%' " : "");
			//Add search terms
			for($a=0; $a < mysql_num_rows($columnNamesResult); $a++)
			{
				$cnr = mysql_fetch_array($columnNamesResult);
				$collectionQuery = 
					$collectionQuery
					. ($attr[$a] != "" ? "AND " . $cnr[0] . " LIKE '%" . $attr[$a] . "%' " : "");
			}	
			$collectionQuery = 
				$collectionQuery . "ORDER BY item_id ASC;";
		}
		else
		{
			//Query to get collection data with sort term - only query off search terms if provided
			$collectionQuery = "SELECT item_rating, item_image_url, "
					. getProjection($_GET['colname'], $_SESSION['user_name'])
					. ", item_id FROM item t1 "
					. " INNER JOIN "
					. mysql_real_escape_string($_GET['colname'])
					. " t2 ON t1.item_id = t2."
					. removeUID(mysql_real_escape_string($_GET['colname']))
					. "_item_id"
					. " AND t1.item_user_id = '"
					. mysql_real_escape_string($_SESSION['user_name'])
					. "' AND t1.item_collection_name = '"
					. mysql_real_escape_string($_GET['colname'])
					. "' " 
					. ($rating != "" ? "AND item_rating LIKE '%" . mysql_real_escape_string($rating) . "%' " : "")
					. ($url != "" ? "AND item_image_url LIKE '%" . mysql_real_escape_string($url) . "%' " : "");
			//Add search terms
			for($a=0; $a < mysql_num_rows($columnNamesResult); $a++)
			{
				$cnr = mysql_fetch_array($columnNamesResult);
				$collectionQuery = 
					$collectionQuery
					. ($attr[$a] != "" ? "AND " . $cnr[0] . " LIKE '%" . $attr[$a] . "%' " : "");
			}		
			$collectionQuery = 
				$collectionQuery ." ORDER BY "
					. mysql_real_escape_string($sortby)
					. " ASC;";
		}

		// Query to grab data for the collection
		if(!$result = mysql_query($collectionQuery))
		{
			echo $collectionQuery;
			die(": Error");
		}

		//Output
		echo "<html><body link=\"blue\" vlink=\"blue\">";
		echo "<a href=\"collection_list.php\">Back to Collection List</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
		echo "|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"collection_item_list.php?colname=".$_GET['colname']."\">Reset Search & Sort</a>";
		switch($_GET['err'])
		{
			case 'badurl': echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font style=\"color:#FF0000; font-weight:bold;\">ERROR: Invalid input in URL field.</font>"; break;
			case 'badinput': echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font style=\"color:#FF0000; font-weight:bold;\">ERROR: Invalid input in "
				. $_GET['clm'] . " field.</font>"; break;
			default: " "; break;
		}
		echo "<h3>Your Items</h3><table cellspacing=\"0\" border=\"1\" cellpadding=\"2\">";
		/**************************/
		echo "<tr bgcolor=\"#000000\" style=\"border-style:none;\">";
		echo "<form action=\"process_search_items.php?sb=".$sortby."&cname=". $_GET['colname'] . "\" method=\"POST\" name=\"csearch\">";
			echo "<td style=\"border-style:none;\"><select name=\"crate\">";
			echo "<option value=\"null\">Rating</option>";
			echo "<option value=\"zero\">0</option>";
			echo "<option value=\"one\">1</option>";
			echo "<option value=\"two\">2</option>";
			echo "<option value=\"thr\">3</option>";
			echo "<option value=\"four\">4</option>";
			echo "<option value=\"five\">5</option>";
			echo "</select>";
			echo "</td>";		
		echo "<td style=\"border-style:none;\"><input type=\"text\" name=\"iurl\" style=\"width:100%;\"/></td>";
		//Output the text fields for search in particular collection
		for ($a = 0; $a < mysql_num_rows($columnNamesResult); $a++)
		{
			echo "<td style=\"border-style:none;\"><input type=\"text\" name=\"attr"
				. $a . "\" style=\"width:100%;\"/></td>";
		}
		echo "<td style=\"border-style:none;\"><input type=\"submit\" value=\"Search\" style=\"width:65px;\"/></td>";
		echo "</form></tr>";
		/*************************/
		echo "<tr bgcolor=\"#FFFF99\">";
		echo "<td style=\"font-weight:bold;\"><a href=\"collection_item_list.php?colname=" 
				. $_GET['colname'] 
				. "&sb=item_rating"
				. getUrlElements()
				. "\">Rating</a></td>";
		echo "<td style=\"font-weight:bold;\"><a href=\"collection_item_list.php?colname=" 
				. $_GET['colname'] 
				. "&sb=item_image_url"
				. getUrlElements()
				. "\">Image URL</a></td>";
		
		//Get the number of attributes that need form elements.
		$numAttributes = mysql_num_rows($columnNamesResult) + 2;
		//Get the attribute names again
		$columnNamesResult = getAttributes($_GET['colname']);
		while ($row2 = mysql_fetch_row($columnNamesResult))
		{
			echo "<td style=\"font-weight:bold;\"><a href=\"collection_item_list.php?colname=" 
				. $_GET['colname'] 
				. "&sb="
				. $row2[0]
				. getUrlElements()
				. "\">";
			echo $row2[0] . "</a> (" . selectAttributeTypeString($row2[1]) . ")";
			echo "</td>";
		}
		//Add an extra cell for Delete/Modify buttons
		echo "<td style=\"font-weight:bold;\">Actions</td>";
		echo "</tr>";
		echo "<tr bgcolor=\"#CCCCCC\">";
		
		// Pass the collection name in the query string.
		echo "<form name=\"newitem\" action=\"process_create_item.php?cname=" 
			. mysql_real_escape_string($_GET["colname"]) 
			. "\" method=\"POST\">"; 
		
		//Output rating spinner first
		echo "<td><select name=\"0\">";
		echo "<option value=\"zero\">0</option>";
		echo "<option value=\"one\">1</option>";
		echo "<option value=\"two\">2</option>";
		echo "<option value=\"thr\">3</option>";
		echo "<option value=\"four\">4</option>";
		echo "<option value=\"five\">5</option>";
		echo "</select>";
		echo "</td>";
		//Output new item form
		for($i = 1; $i < $numAttributes; $i++)
		{
			echo "<td><input type=\"text\" name=\"" . $i . "\" /></td>";
		}
		//Display button to add new item to collection. Code borrowed from tutorial here: 
		//http://www.webdevelopersnotes.com/tips/html/using_an_image_as_a_submit_button.php3?
		echo "<td style=\"border-width: 0px;\" bgcolor=\"#FFFFFF\">"
			. "<a href=\"javascript:document.newitem.submit()\" "
			. "onmouseover=\"document.newitem.additem.src='./images/add_hover.gif'\" "
			. "onmouseout=\"document.newitem.additem.src='./images/add.gif'\" "
			. "onclick=\"return val_form_this_page()\" style=\"color:#FFFFFF;\">";
		echo "<img src=\"./images/add.gif\" "
			. "alt=\"Add item\" name=\"additem\" /></a></td>";
		
		echo "</form></tr>";

		$c = 0;
		if (mysql_num_rows($result) > 0) {
			// Grabs item one by one
			while ($row = mysql_fetch_row($result))
			{
				if($c % 2 == 0)
				{
					$color = '#FFFFFF';
				}
				else
				{
					$color = '#FFFF99';
				}
				
				echo "<tr bgcolor=\"" . $color . "\">";
				
				// Output data column by column
				for($i = 0;  $i < mysql_num_fields($result)-1; $i++)
				{
					echo "<td style=\"font-weight:bold;\">";
					//For the image URL, create the link
					if($i == 1)
					{
						echo "<a href=\"" 
							. (urldecode($row[$i])) 
							. "\" target=\"_blank\" alt=\"View Pic\">";
						echo urldecode($row[$i]);
						echo "</a>";
					}
					else
					{
						echo htmlspecialchars($row[$i]);
					}
					echo "</td>";
				}
				
				echo "<td style=\"border-width: 0px;\" bgcolor=\"#FFFFFF\">";
				//DELETE button
				echo "<a href=\"process_delete_item.php?id="
				. mysql_real_escape_string($row[count($row)-1])
				. "&cname="
				. mysql_real_escape_string($_GET['colname'])
				. "\""
				. "onmouseover=\"document.del" . (string)$c . ".src='./images/del_hover.gif'\" "
				. "onmouseout=\"document.del" . (string)$c . ".src='./images/del.gif'\" "
				. "onclick=\"return val_form_this_page()\" style=\"color:#FFFFFF;\">";
				echo "<img src=\"./images/del.gif\" name=\"del" . (string)$c . "\" />";
				echo "</a>&nbsp;";
				//EDIT button
				echo "<a href=\"edit_item.php?id="
				. mysql_real_escape_string($row[count($row)-1])
				. "&cname="
				. mysql_real_escape_string($_GET['colname'])
				. "\""
				. "onmouseover=\"document.mod" . (string)$c . ".src='./images/mod_hover.gif'\" "
				. "onmouseout=\"document.mod" . (string)$c . ".src='./images/mod.gif'\" "
				. "onclick=\"return val_form_this_page()\" style=\"color:#FFFFFF;\">";
				echo "<img src=\"./images/mod.gif\" name=\"mod" . (string)$c . "\" />";
				echo "</a>";
				echo "</td>";
				echo "</tr>";
				$c = $c + 1;
			}
		}
		echo "</table></body></html>";
		// Else, Nothing exists so just output the column names
	}
	else
	{
		unset($_SESSION['user_name']);
		header('Location: index.php?err=denied');
	}
?>